[RADIATOR] Handler matching multiple Service-Types

[Herrmann, Daniel]

Hello,

We are using Radiator as Radius-Server for various Switches. We have two 
different Handlers, one for Cisco and HP gears, and one for Extreme Switches.

They are nearly identical, even the reply, except of the Service Type. Cisco 
Requests have the attribute Service-Type=Call-Check, whereas Extreme switches 
have Service-Type=Login-User set.

Is there a way to write a handler matching both Service-Types without omitting 
the check?

Best Regards
Daniel

---
Daniel Herrmann
Competence Center Lan (CC-LAN)

Fraunhofer-Institut für Graphische Datenverarbeitung IGD
Fraunhoferstr. 5  |  64283 Darmstadt  |  Germany
Tel +49 6151 155-346  |  Fax +49 6151 155-399
daniel.herrm...@igd.fraunhofer.de | www.igd.fraunhofer.de/

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler matching multiple Service-Types

[Hugh Irvine]

Hello Daniel -

Something like this should work:


Handler Service-Type = /Call-Check|Login-User/

…..

/Handler


regards

Hugh


On 6 May 2013, at 18:20, Herrmann, Daniel daniel.herrm...@igd.fraunhofer.de 
wrote:

 Hello,
 
 We are using Radiator as Radius-Server for various Switches. We have two 
 different Handlers, one for Cisco and HP gears, and one for Extreme Switches.
 
 They are nearly identical, even the reply, except of the Service Type. Cisco 
 Requests have the attribute Service-Type=Call-Check, whereas Extreme switches 
 have Service-Type=Login-User set.
 
 Is there a way to write a handler matching both Service-Types without 
 omitting the check?
 
 Best Regards
 Daniel
 
 ---
 Daniel Herrmann
 Competence Center Lan (CC-LAN)
 
 Fraunhofer-Institut für Graphische Datenverarbeitung IGD
 Fraunhoferstr. 5  |  64283 Darmstadt  |  Germany
 Tel +49 6151 155-346  |  Fax +49 6151 155-399
 daniel.herrm...@igd.fraunhofer.de | www.igd.fraunhofer.de/
 
 ___
 radiator mailing list
 radiator@open.com.au
 http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler type Stop/Alive distinguished processing

[Thomas Kurian]

 quotacounter \

where username='%n' \

And type = 'Q'

#AuthColumnDef 0, Session-Timeout, reply




AcctSQLStatement update quotacounter set \

monthlycounter=monthlycounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'




AuthSelect select totalcounter from quotacounter \

where username='%n' \

And Type = 'Q'




AcctSQLStatement update quotacounter set \

totalcounter=totalcounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'




PostAuthHook file:%D/thomas.pl;




/AuthBy




/Handler










# Accept processing of other accounting requests of the genre start 
and interim





Handler Request-Type = Accounting-Request



Realm DEFAULT

AuthBy SQL




DBSource dbi:mysql:radius

DBUsername 

DBAuth 










AccountingTable ACCOUNTING

AcctColumnDef USERNAME, User-Name

AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type

AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address

AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets

AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets

AcctColumnDef TIME_STAMP,Event-Timestamp

AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time

AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time

AcctColumnDef ACCTSESSIONID,Acct-Session-Id

AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause

AcctColumnDef NASIDENTIFIER,NAS-Identifier

AcctColumnDef NASPORT,NAS-Port

AcctColumnDef ACCTSESSIONID,Acct-Session-Id




/AuthBy

# Log accounting to a detail file

AcctLogFileName %L/detail







/Realm

/Handler





Requesting your kind help, Thomas Kurian IT Security Engineer 
(B.Tech. -- Electrical) Kuwaiti Canadian Consulting Group 
(www.kccg.com) T: +965 22435566 F: +965 22415149 E: tho...@kccg.com

On 3/27/2013 8:00 PM, radiator-requ...@open.com.au wrote:
Send radiator mailing list submissions to radiator@open.com.au To 
subscribe or unsubscribe via the World Wide Web, visit 
http://www.open.com.au/mailman/listinfo/radiator or, via email, send 
a message with subject or body 'help' to 
radiator-requ...@open.com.au You can reach the person managing the 
list at radiator-ow...@open.com.au When replying, please edit your 
Subject line so it is more specific than Re: Contents of radiator 
digest... Today's Topics: 1. Re: Handler type Stop/Alive 
distinguished processing (Michael Newton) 
-- 
Message: 1 Date: Wed, 27 Mar 2013 09:41:40 -0700 From: Michael 
Newton mnew...@pofp.com Subject: Re: [RADIATOR] Handler type 
Stop/Alive distinguished processing To: radiator@open.com.au 
Message-ID: 
CADEoLhCoJHu0vQChsC5-czmG24k+kwsSnw=fzydovji-bh-...@mail.gmail.com 
Content-Type: text/plain; charset=utf-8 On 27 March 2013 09:29, 
radiator-requ...@open.com.au wrote:
My requirement is to process and handle ,Alive and Stop packet 
separately and the configuration must be called/processed 
separately ,each time the radiator receives it based on the Acct 
Status type as described above. Please help me out , i could not 
find an explanation for this anywhere and i am confused. Please let 
me know, if you need any more specifics to help me out. 
There shouldn't be any problem with using Handler 
Acct-Status-Type=Start, Handler Acct-Status-Type=Alive, or 
Handler Acct-Status-Type=Stop, it is how we do accounting on our 
server. Maybe make sure you you are using AuthByPolicy 
ContinueWhileIgnore if you have problems with subsequent handlers 
not getting called? If that doesn't help, I'd suggest posting the 
config that doesn't work instead of the one that does; other people 
may be able to provide more suggestions. Mike -- next 
part -- An HTML attachment was scrubbed... URL: 
http://www.open.com.au/pipermail/radiator/attachments/20130327/ab98603b/attachment-0001.html 
-- 
___ radiator mailing 
list radiator@open.com.au 
http://www.open.com.au/mailman/listinfo/radiator End of radiator 
Digest, Vol 46, Issue 24  


___ radiator mailing list 
radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator 


___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler type Stop/Alive distinguished processing

[Heikki Vatiainen]

On 04/04/2013 01:30 PM, Thomas Kurian wrote:

 How to resolve this issue , i require both the handlers to process the
 respective packets contents when each of the kind is received by
 radiator from the NAS. Please help me out.

I think you are missing closing /AuthBy. You have AcctColumnDef
followed by /Handler. Add /AuthBy before the /Handler.

 Handler Acct-Status-Type = Stop
 AuthBy SQL

...

 AcctColumnDef   NASPORT,NAS-Port,integer
 /Handler



-- 
Heikki Vatiainen h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler type Stop/Alive distinguished processing

[Michael]

 this question)_


AcctPort 1813

AuthPort 1812




BindAddress 0.0.0.0


LogDir /var/log/radius

DbDir /etc/radiator

# Use a low trace level in production systems. Increase

# it to 4 or 5 for debugging, or use the -trace flag to radiusd

Trace 4

# You will probably want to add other Clients to suit your work site,

# one for each NAS you want to work with





Client DEFAULT

Secret 

DupInterval 0

/Client










Client 10.50.1.4

Secret xxx

DupInterval 0

NasType Cisco

IgnoreAcctSignature

/Client




#For strictly processing with Accounting Stop packets




Handler Acct-Status-Type = Stop




AuthBy SQL

Identifier Block-Quota-SQL




DBSource dbi:mysql:radius

DBUsername 

DBAuth x




AccountingStopsOnly

AccountingTable quotacouunter

AuthColumnDef username,User-Name,check







AuthSelect select monthlycounter from quotacounter \

where username='%n' \

And type = 'Q'

#AuthColumnDef 0, Session-Timeout, reply




AcctSQLStatement update quotacounter set \

monthlycounter=monthlycounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'




AuthSelect select totalcounter from quotacounter \

where username='%n' \

And Type = 'Q'




AcctSQLStatement update quotacounter set \

totalcounter=totalcounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'




PostAuthHook file:%D/thomas.pl;




/AuthBy




/Handler










# Accept processing of other accounting requests of the genre start 
and interim





Handler Request-Type = Accounting-Request



Realm DEFAULT

AuthBy SQL




DBSource dbi:mysql:radius

DBUsername 

DBAuth 










AccountingTable ACCOUNTING

AcctColumnDef USERNAME, User-Name

AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type

AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address

AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets

AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets

AcctColumnDef TIME_STAMP,Event-Timestamp

AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time

AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time

AcctColumnDef ACCTSESSIONID,Acct-Session-Id

AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause

AcctColumnDef NASIDENTIFIER,NAS-Identifier

AcctColumnDef NASPORT,NAS-Port

AcctColumnDef ACCTSESSIONID,Acct-Session-Id




/AuthBy

# Log accounting to a detail file

AcctLogFileName %L/detail







/Realm

/Handler





Requesting your kind help, Thomas Kurian IT Security Engineer 
(B.Tech. -- Electrical) Kuwaiti Canadian Consulting Group 
(www.kccg.com) T: +965 22435566 F: +965 22415149 E: tho...@kccg.com

On 3/27/2013 8:00 PM, radiator-requ...@open.com.au wrote:
Send radiator mailing list submissions to radiator@open.com.au To 
subscribe or unsubscribe via the World Wide Web, visit 
http://www.open.com.au/mailman/listinfo/radiator or, via email, 
send a message with subject or body 'help' to 
radiator-requ...@open.com.au You can reach the person managing the 
list at radiator-ow...@open.com.au When replying, please edit your 
Subject line so it is more specific than Re: Contents of radiator 
digest... Today's Topics: 1. Re: Handler type Stop/Alive 
distinguished processing (Michael Newton) 
-- 
Message: 1 Date: Wed, 27 Mar 2013 09:41:40 -0700 From: Michael 
Newton mnew...@pofp.com Subject: Re: [RADIATOR] Handler type 
Stop/Alive distinguished processing To: radiator@open.com.au 
Message-ID: 
CADEoLhCoJHu0vQChsC5-czmG24k+kwsSnw=fzydovji-bh-...@mail.gmail.com Content-Type: 
text/plain; charset=utf-8 On 27 March 2013 09:29, 
radiator-requ...@open.com.au wrote:
My requirement is to process and handle ,Alive and Stop packet 
separately and the configuration must be called/processed 
separately ,each time the radiator receives it based on the Acct 
Status type as described above. Please help me out , i could not 
find an explanation for this anywhere and i am confused. Please 
let me know, if you need any more specifics to help me out. 
There shouldn't be any problem with using Handler 
Acct-Status-Type=Start, Handler Acct-Status-Type=Alive, or 
Handler Acct-Status-Type=Stop, it is how we do accounting on our 
server. Maybe make sure you you are using AuthByPolicy 
ContinueWhileIgnore if you have problems with subsequent handlers 
not getting called? If that doesn't help, I'd suggest posting the 
config that doesn't work instead of the one that does; other people 
may be able to provide more suggestions. Mike -- next 
part -- An HTML attachment was scrubbed... URL: 
http://www.open.com.au/pipermail/radiator/attachments/20130327/ab98603b/attachment-0001.html 
-- 
___ radiator mailing 
list radiator@open.com.au 
http://www.open.com.au/mailman/listinfo/radiator End of radiator 
Digest, Vol 46, Issue 24  


___ radiator mailing 
list radiator@open.com.au 
http://www.open.com.au/mailman/listinfo

[RADIATOR] Handler type Stop/Alive distinguished processing

[Thomas Kurian]

Hi Friends,
I have a doubt about handlers. Below is my current configuration , but i 
have plans to distinguish this configuration as two parts for further 
development. One part is to be handled by handler clause Handler 
Acct-Status-Type = Alive and the other part is to be handled by 
Handler Acct-Status-Type = Stop.


Previously i had made a configuration similar to this, but the 2nd 
defined handler clause in radiator config was never called. Why is this? 
How is a right way/syntax to implement the above mentioned requirement 
of mine? I previously got a reply something like  first matching clause 
would be used and others would be  ignored . Can you please elaborate 
this , i did not understand this?


My requirement is to process and handle ,Alive and Stop packet 
separately  and the configuration must be called/processed separately 
,each time the radiator receives it based on the Acct Status type as 
described above. Please help me out , i could not find an explanation 
for this anywhere and i am confused. Please let me know, if you need any 
more specifics to help me out.



_Configuration _

#Foreground
#LogStdout

AcctPort 1813
AuthPort 1812

BindAddress 0.0.0.0

LogDir  /var/log/radius
DbDir   /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace   4

# You will probably want to add other Clients to suit your work site,

Client DEFAULT
Secret  x
DupInterval 0
/Client


Client 10.50.1.4
Secret x
DupInterval 0
NasType Cisco
IgnoreAcctSignature
/Client

SessionDatabase SQL


Identifier  tamesql
DBSourcedbi:ODBC:IRONMAN
DBUsername  xx
DBAuth  x

/SessionDatabase





Handler Request-Type = Accounting-Request
PreProcessingHook file:/etc/radiator/createavpairs.pl
AuthBy SQL
Identifier thomas
DBSource dbi:ODBC:IRONMAN
DBUsername 
DBAuth x


#AccountingStopsOnly
AccountingTable ACCOUNTING
AcctColumnDef   USERNAME, User-Name
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef TIME_STAMP,Event-Timestamp,integer-date
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef   NASIDENTIFIER,NAS-Identifier
AcctColumnDef   NASPORT,NAS-Port,integer
AcctColumnDef   PARENTSESSIONID,parent-session-id

AcctSQLStatement update quotasubscribers set 
monthlycounter = monthlycounter + 0%{Acct-Output-Octets}, totalcounter = 
totalcounter + 0%{Acct-Output-Octets}, timestamp = %{Event-Timestamp}  \

where username='%n' \
And Type = 'Q'



/AuthBy
PostAuthHook file:/etc/radiator/rocky.pl
#Log accounting to a detail file
AcctLogFileName %L/detail


/Handler




Handler Request-Type=Disconnect-Request
AuthBy RADIUS

Host 10.50.1.4
Secret xx
/Host
/AuthBy
/Handler

--
Thanks  Best Regards,

Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler type Stop/Alive distinguished processing

[Michael Newton]

On 27 March 2013 09:29, radiator-requ...@open.com.au wrote:


 My requirement is to process and handle ,Alive and Stop packet separately
 and the configuration must be called/processed separately ,each time the
 radiator receives it based on the Acct Status type as described above.
 Please help me out , i could not find an explanation for this anywhere and
 i am confused. Please let me know, if you need any more specifics to help
 me out.


There shouldn't be any problem with using Handler Acct-Status-Type=Start,
Handler Acct-Status-Type=Alive, or Handler Acct-Status-Type=Stop, it is
how we do accounting on our server. Maybe make sure you you are using
AuthByPolicy ContinueWhileIgnore if you have problems with subsequent
handlers not getting called?

If that doesn't help, I'd suggest posting the config that doesn't work
instead of the one that does; other people may be able to provide more
suggestions.

Mike
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler type Stop/Alive distinguished processing

[Michael]

AuthByPolicy has to do with the processing of the AuthBy's in Handlers, 
not the handlers themselves.  Radiator will process the Handlers in 
order they are in the config file, and will only process the first 
match. that's it.  If you want to do multiple things with the same 
packet, you would have to configure only 1 Handler, and multiple 
AuthBy's to do more than one thing with a packet.


Michael



On 27/03/13 12:41 PM, Michael Newton wrote:
On 27 March 2013 09:29, radiator-requ...@open.com.au 
mailto:radiator-requ...@open.com.au wrote:



My requirement is to process and handle ,Alive and Stop packet
separately  and the configuration must be called/processed
separately ,each time the radiator receives it based on the Acct
Status type as described above. Please help me out , i could not
find an explanation for this anywhere and i am confused. Please
let me know, if you need any more specifics to help me out.


There shouldn't be any problem with using Handler 
Acct-Status-Type=Start, Handler Acct-Status-Type=Alive, or Handler 
Acct-Status-Type=Stop, it is how we do accounting on our server. 
Maybe make sure you you are using AuthByPolicy ContinueWhileIgnore 
if you have problems with subsequent handlers not getting called?


If that doesn't help, I'd suggest posting the config that doesn't work 
instead of the one that does; other people may be able to provide more 
suggestions.


Mike



___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler type Stop/Alive distinguished processing

[Thomas Kurian]

Hi Mike,
Thanks for your email. Can you please tell me where exactly i have to 
add AuthByPolicy ContinueWhileIgnore? Should it go under each handler 
clause inside Authby sql?


_My old config (which didnt work ,Start packets were never getting 
processed) (this was the config i had problem a long time ago.. which 
lead me to ask this question)_


AcctPort 1813

AuthPort 1812


BindAddress 0.0.0.0


LogDir /var/log/radius

DbDir /etc/radiator

# Use a low trace level in production systems. Increase

# it to 4 or 5 for debugging, or use the -trace flag to radiusd

Trace 4

# You will probably want to add other Clients to suit your work site,

# one for each NAS you want to work with



Client DEFAULT

Secret 

DupInterval 0

/Client





Client 10.50.1.4

Secret xxx

DupInterval 0

NasType Cisco

IgnoreAcctSignature

/Client


#For strictly processing with Accounting Stop packets


Handler Acct-Status-Type = Stop


AuthBy SQL

Identifier Block-Quota-SQL


DBSource dbi:mysql:radius

DBUsername 

DBAuth x


AccountingStopsOnly

AccountingTable quotacouunter

AuthColumnDef username,User-Name,check



AuthSelect select monthlycounter from quotacounter \

where username='%n' \

And type = 'Q'

#AuthColumnDef 0, Session-Timeout, reply


AcctSQLStatement update quotacounter set \

monthlycounter=monthlycounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'


AuthSelect select totalcounter from quotacounter \

where username='%n' \

And Type = 'Q'


AcctSQLStatement update quotacounter set \

totalcounter=totalcounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'


PostAuthHook file:%D/thomas.pl;


/AuthBy


/Handler




# Accept processing of other accounting requests of the genre start and 
interim



Handler Request-Type = Accounting-Request


Realm DEFAULT

AuthBy SQL


DBSource dbi:mysql:radius

DBUsername 

DBAuth 




AccountingTable ACCOUNTING

AcctColumnDef USERNAME, User-Name

AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type

AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address

AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets

AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets

AcctColumnDef TIME_STAMP,Event-Timestamp

AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time

AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time

AcctColumnDef ACCTSESSIONID,Acct-Session-Id

AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause

AcctColumnDef NASIDENTIFIER,NAS-Identifier

AcctColumnDef NASPORT,NAS-Port

AcctColumnDef ACCTSESSIONID,Acct-Session-Id


/AuthBy

# Log accounting to a detail file

AcctLogFileName %L/detail



/Realm

/Handler




Requesting your kind help,

Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com

On 3/27/2013 8:00 PM, radiator-requ...@open.com.au wrote:

Send radiator mailing list submissions to
radiator@open.com.au

To subscribe or unsubscribe via the World Wide Web, visit
http://www.open.com.au/mailman/listinfo/radiator
or, via email, send a message with subject or body 'help' to
radiator-requ...@open.com.au

You can reach the person managing the list at
radiator-ow...@open.com.au

When replying, please edit your Subject line so it is more specific
than Re: Contents of radiator digest...


Today's Topics:

1. Re: Handler type Stop/Alive distinguished processing
   (Michael Newton)


--

Message: 1
Date: Wed, 27 Mar 2013 09:41:40 -0700
From: Michael Newton mnew...@pofp.com
Subject: Re: [RADIATOR] Handler type Stop/Alive distinguished
processing
To: radiator@open.com.au
Message-ID:
CADEoLhCoJHu0vQChsC5-czmG24k+kwsSnw=fzydovji-bh-...@mail.gmail.com
Content-Type: text/plain; charset=utf-8

On 27 March 2013 09:29, radiator-requ...@open.com.au wrote:


My requirement is to process and handle ,Alive and Stop packet separately
and the configuration must be called/processed separately ,each time the
radiator receives it based on the Acct Status type as described above.
Please help me out , i could not find an explanation for this anywhere and
i am confused. Please let me know, if you need any more specifics to help
me out.


There shouldn't be any problem with using Handler Acct-Status-Type=Start,
Handler Acct-Status-Type=Alive, or Handler Acct-Status-Type=Stop, it is
how we do accounting on our server. Maybe make sure you you are using
AuthByPolicy ContinueWhileIgnore if you have problems with subsequent
handlers not getting called?

If that doesn't help, I'd suggest posting the config that doesn't work
instead of the one that does; other people may be able to provide more
suggestions.

Mike
-- next part --
An HTML attachment was scrubbed...
URL: 
http://www.open.com.au/pipermail/radiator/attachments/20130327/ab98603b/attachment-0001.html

Re: [RADIATOR] Handler type Stop/Alive distinguished processing

[Michael]

AuthByPolicy is only for what to do when you have multiple authby's.  
you only have 1 per handler here so it's irrelevant.


Best to show some debug log of this in action with a start packet to 
figure out what's going on.  the config looks like it should at least 
handle the start packet.




On 27/03/13 03:32 PM, Thomas Kurian wrote:

Hi Mike,
Thanks for your email. Can you please tell me where exactly i have to 
add AuthByPolicy ContinueWhileIgnore? Should it go under each 
handler clause inside Authby sql?


_My old config (which didnt work ,Start packets were never getting 
processed) (this was the config i had problem a long time ago.. which 
lead me to ask this question)_


AcctPort 1813

AuthPort 1812




BindAddress 0.0.0.0


LogDir /var/log/radius

DbDir /etc/radiator

# Use a low trace level in production systems. Increase

# it to 4 or 5 for debugging, or use the -trace flag to radiusd

Trace 4

# You will probably want to add other Clients to suit your work site,

# one for each NAS you want to work with





Client DEFAULT

Secret 

DupInterval 0

/Client










Client 10.50.1.4

Secret xxx

DupInterval 0

NasType Cisco

IgnoreAcctSignature

/Client




#For strictly processing with Accounting Stop packets




Handler Acct-Status-Type = Stop




AuthBy SQL

Identifier Block-Quota-SQL




DBSource dbi:mysql:radius

DBUsername 

DBAuth x




AccountingStopsOnly

AccountingTable quotacouunter

AuthColumnDef username,User-Name,check







AuthSelect select monthlycounter from quotacounter \

where username='%n' \

And type = 'Q'

#AuthColumnDef 0, Session-Timeout, reply




AcctSQLStatement update quotacounter set \

monthlycounter=monthlycounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'




AuthSelect select totalcounter from quotacounter \

where username='%n' \

And Type = 'Q'




AcctSQLStatement update quotacounter set \

totalcounter=totalcounter+%{Acct-Input-Octets} \

where username='%n' \

And Type = 'Q'




PostAuthHook file:%D/thomas.pl;




/AuthBy




/Handler










# Accept processing of other accounting requests of the genre start 
and interim





Handler Request-Type = Accounting-Request



Realm DEFAULT

AuthBy SQL




DBSource dbi:mysql:radius

DBUsername 

DBAuth 










AccountingTable ACCOUNTING

AcctColumnDef USERNAME, User-Name

AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type

AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address

AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets

AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets

AcctColumnDef TIME_STAMP,Event-Timestamp

AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time

AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time

AcctColumnDef ACCTSESSIONID,Acct-Session-Id

AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause

AcctColumnDef NASIDENTIFIER,NAS-Identifier

AcctColumnDef NASPORT,NAS-Port

AcctColumnDef ACCTSESSIONID,Acct-Session-Id




/AuthBy

# Log accounting to a detail file

AcctLogFileName %L/detail







/Realm

/Handler





Requesting your kind help, Thomas Kurian IT Security Engineer (B.Tech. 
-- Electrical) Kuwaiti Canadian Consulting Group (www.kccg.com) T: 
+965 22435566 F: +965 22415149 E: tho...@kccg.com

On 3/27/2013 8:00 PM, radiator-requ...@open.com.au wrote:
Send radiator mailing list submissions to radiator@open.com.au To 
subscribe or unsubscribe via the World Wide Web, visit 
http://www.open.com.au/mailman/listinfo/radiator or, via email, send 
a message with subject or body 'help' to radiator-requ...@open.com.au 
You can reach the person managing the list at 
radiator-ow...@open.com.au When replying, please edit your Subject 
line so it is more specific than Re: Contents of radiator digest... 
Today's Topics: 1. Re: Handler type Stop/Alive distinguished 
processing (Michael Newton) 
-- Message: 
1 Date: Wed, 27 Mar 2013 09:41:40 -0700 From: Michael Newton 
mnew...@pofp.com Subject: Re: [RADIATOR] Handler type Stop/Alive 
distinguished processing To: radiator@open.com.au Message-ID: 
CADEoLhCoJHu0vQChsC5-czmG24k+kwsSnw=fzydovji-bh-...@mail.gmail.com 
Content-Type: text/plain; charset=utf-8 On 27 March 2013 09:29, 
radiator-requ...@open.com.au wrote:
My requirement is to process and handle ,Alive and Stop packet 
separately and the configuration must be called/processed separately 
,each time the radiator receives it based on the Acct Status type as 
described above. Please help me out , i could not find an 
explanation for this anywhere and i am confused. Please let me know, 
if you need any more specifics to help me out. 
There shouldn't be any problem with using Handler 
Acct-Status-Type=Start, Handler Acct-Status-Type=Alive, or 
Handler Acct-Status-Type=Stop, it is how we do accounting on our 
server. Maybe make sure you you are using AuthByPolicy 
ContinueWhileIgnore if you have problems with subsequent handlers 
not getting called? If that doesn't help, I'd suggest posting the 
config

[RADIATOR] Handler regex for User-Name matching help

[Gregory Fuller]

I'm trying to match a handler clause when the User-Name attribute is
NOT equal to a particular regex statement.

User-Name is:  CP-7942G-SEP2893FE127C54

My Handler statement that does match the User-Name is:

Handler Client-Identifier=SWITCHES, NAS-Port-Type=Ethernet,
EAP-Message = /.+/, User-Name = /(.+)SEP([0-9a-fA-F]{12})$/


Any idea how I can use a regex to match all User-Name values that DO
NOT equal /(.+)SEP([0-9a-fA-F]{12})$/

I was hoping I could just do a User-Name !=
/(.+)SEP([0-9a-fA-F]{12})$/ on the handler line but Radiator doesn't
like that syntax.  :(  Here's what it returns:

Fri Sep 10 09:09:09 2010: ERR: Bad attribute=value pair: User-Name !=
/(.+)SEP([0-9a-fA-F]{12})$/

--greg


Gregory A. Fuller - CCNA
Network Manager
State University of New York at Oswego
Phone: (315) 312-5750
http://www.oswego.edu/~gfuller
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler regex for User-Name matching help

[Gregory Fuller]

So after a lot of googling and playing around with different
combinations I came up with the following:

/^(?!CP-)(?!-SEP([0-9a-fA-F]{12}$))/

It sort of works.  It doesn't match when I feed it the username
(CP-7942G-SEP2893FE127C54) -- which is exactly what I'm looking for (I
don't want it to match).

But I get the following when trying other usernames:

UsernameCondition   Results
---
signup  doesn't match   expected
signup-SEP2893FE127C54  doesn't match   expected
CP-7942G-SEP2893FE127C5 matches expected
CP-signup-SEP2893FE127C5matches expected
CP-signup   matches not expected (should NOT match)

As you can tell I'm not a regular expression person.  :)  Any ideas?

--greg
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Handler regex for User-Name matching help

[Hugh Irvine]

Hello Greg -

I tend to prefer Handler's that match, rather than not.

So I would do something like this:


…..

# deal with phones

Handler Client-Identifier=SWITCHES, NAS-Port-Type=Ethernet,
EAP-Message = /.+/, User-Name = /(.+)SEP([0-9a-fA-F]{12})$/
…..
/Handler

# deal with whatever else (if required)

Handler …..
…..
/Handler

…..

# deal with everything else

Handler
…..
/Handler

…..

hope that helps

regards

Hugh


On 10 Sep 2010, at 13:25, Gregory Fuller wrote:

 So after a lot of googling and playing around with different
 combinations I came up with the following:
 
 /^(?!CP-)(?!-SEP([0-9a-fA-F]{12}$))/
 
 It sort of works.  It doesn't match when I feed it the username
 (CP-7942G-SEP2893FE127C54) -- which is exactly what I'm looking for (I
 don't want it to match).
 
 But I get the following when trying other usernames:
 
 Username  Condition   Results
 ---
 signupdoesn't match   expected
 signup-SEP2893FE127C54doesn't match   expected
 CP-7942G-SEP2893FE127C5   matches expected
 CP-signup-SEP2893FE127C5  matches expected
 CP-signup matches not expected (should NOT match)
 
 As you can tell I'm not a regular expression person.  :)  Any ideas?
 
 --greg
 ___
 radiator mailing list
 radiator@open.com.au
 http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual (doc/ref.html)?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

RE: (RADIATOR) Handler SIP Proxy

[Jesus Rodriguez]

On Fri, 17 Oct 2003, Frank Danielson wrote:

Hi Frank,

Thanks for your answer. I will try your solution using a PreClient hook as
suggested by Huge.

Thanks Frank and Huge.


 I would use a PreHandler hook in your Client clause to look for the request
 type and set an appropriate attribute to use in a Handler later. Since you
 have multiple Digest-Attribute attributes the only way I know of to handle
 it would be to spool through the incoming request's attrbutes looking for
 the one you want. You could try something like this-

 Client 111.222.333.444
   Secret somesecret
   PreHandlerHook sub {my ($r,$value);\
   foreach $r (@{${$_[0]}-{Attributes}})\
   {\
   if ($r-[0] eq Digest-Attributes)\
   {\
   $value = Radius::AttrVal::pclean($r-[1]);\
   ${$_[0]}-add_attr('SIP-Request',$value) if ($value
 =~ /REGISTER|INVITE/);\
   }\
   }}
 /Client

 Handler SIP-Request=REGISTER
 /Handler

 Handler SIP-Request=INVITE
 /Handler


 Obviously I have not tested this so proceed at your own risk.

 Frank Danielson
 [Infrastructure Architect]

 voice:407.515.8633
 fax:407.515.9001

 ClearSky Mobile Media, Inc.
 56 E. Pine St. Suite 200
 Orlando, FL 32801
 USA

 -Original Message-
 From: Jesus Rodriguez [mailto:[EMAIL PROTECTED]
 Sent: Friday, October 17, 2003 2:30 PM
 To: [EMAIL PROTECTED]
 Subject: (RADIATOR) Handler SIP Proxy


 Hello,

 My SIP proxy authenticates REGISTER and INVITE requests against Radiator. I
 would like to be able to diferentiate between both requests.

 This is a REGISTER request:

 Code:   Access-Request
 Identifier: 104
 Authentic:  21713430y250D214j212`N\F254{222
 Attributes:
 User-Name = [EMAIL PROTECTED]
 Digest-Attributes = 1012340002
 Digest-Attributes = 113voztele.com
 Digest-Attributes = 2*3f9032160a04f9a07db6b7431a03c66e63917d8e
 Digest-Attributes = 417sip:voztele.com
 Digest-Attributes = 310REGISTER
 Digest-Response = 5d484ab3e8c3ee3aa8aeb4f7238d9456
 Service-Type = SIP
 SIP-URI-User = 340002
 NAS-IP-Address = 192.168.1.34
 NAS-Port = 5060


 And this is an INVITE request:

 Code:   Access-Request
 Identifier: 100
 Authentic:  230141168k203:}239134139O227]6147'
 Attributes:
 User-Name = [EMAIL PROTECTED]
 Digest-Attributes = 101234
 Digest-Attributes = 113voztele.com
 Digest-Attributes = 2*3f90309d03749b41dfcc0d202bc35f89ebfc9d1c
 Digest-Attributes = 427sip:[EMAIL PROTECTED]
 Digest-Attributes = 38INVITE
 Digest-Response = f398469d53d8eeb47bbde0d45f78583d
 Service-Type = SIP
 SIP-URI-User = 34
 NAS-IP-Address = 192.168.1.34
 NAS-Port = 5060


 The only difference between them are these Digest-Attributes:

   Digest-Attributes = 310REGISTER
   Digest-Attributes = 38INVITE

 I've been playing with Handler Digest-Attributes = x where x are
 different regular expressions but no luck.

 Is there some way to diferentiate both requests? I have to treat them in a
 different way because i need to send a reply attribute only for the INVITEs.

 Thanks in advance.

 Saludos
 JesusR.

 ---
 Jesus Rodriguez
 Endercom Comunicaciones, S.L.
 [EMAIL PROTECTED]
 http://www.endercom.com
 Tel. +34 934424293
 ---
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.




Saludos
JesusR.

---
Jesus Rodriguez
Endercom Comunicaciones, S.L.
[EMAIL PROTECTED]
http://www.endercom.com
Tel. +34 934424293
---
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Handler SIP Proxy

[Frank Danielson]

I would use a PreHandler hook in your Client clause to look for the request
type and set an appropriate attribute to use in a Handler later. Since you
have multiple Digest-Attribute attributes the only way I know of to handle
it would be to spool through the incoming request's attrbutes looking for
the one you want. You could try something like this-

Client 111.222.333.444
Secret somesecret
PreHandlerHook sub {my ($r,$value);\
foreach $r (@{${$_[0]}-{Attributes}})\
{\
if ($r-[0] eq Digest-Attributes)\
{\
$value = Radius::AttrVal::pclean($r-[1]);\
${$_[0]}-add_attr('SIP-Request',$value) if ($value
=~ /REGISTER|INVITE/);\
}\
}}
/Client

Handler SIP-Request=REGISTER
/Handler

Handler SIP-Request=INVITE
/Handler


Obviously I have not tested this so proceed at your own risk.

Frank Danielson
[Infrastructure Architect]

voice:407.515.8633
fax:407.515.9001

ClearSky Mobile Media, Inc.
56 E. Pine St. Suite 200
Orlando, FL 32801
USA

-Original Message-
From: Jesus Rodriguez [mailto:[EMAIL PROTECTED]
Sent: Friday, October 17, 2003 2:30 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Handler SIP Proxy


Hello,

My SIP proxy authenticates REGISTER and INVITE requests against Radiator. I
would like to be able to diferentiate between both requests.

This is a REGISTER request:

Code:   Access-Request
Identifier: 104
Authentic:  21713430y250D214j212`N\F254{222
Attributes:
User-Name = [EMAIL PROTECTED]
Digest-Attributes = 1012340002
Digest-Attributes = 113voztele.com
Digest-Attributes = 2*3f9032160a04f9a07db6b7431a03c66e63917d8e
Digest-Attributes = 417sip:voztele.com
Digest-Attributes = 310REGISTER
Digest-Response = 5d484ab3e8c3ee3aa8aeb4f7238d9456
Service-Type = SIP
SIP-URI-User = 340002
NAS-IP-Address = 192.168.1.34
NAS-Port = 5060


And this is an INVITE request:

Code:   Access-Request
Identifier: 100
Authentic:  230141168k203:}239134139O227]6147'
Attributes:
User-Name = [EMAIL PROTECTED]
Digest-Attributes = 101234
Digest-Attributes = 113voztele.com
Digest-Attributes = 2*3f90309d03749b41dfcc0d202bc35f89ebfc9d1c
Digest-Attributes = 427sip:[EMAIL PROTECTED]
Digest-Attributes = 38INVITE
Digest-Response = f398469d53d8eeb47bbde0d45f78583d
Service-Type = SIP
SIP-URI-User = 34
NAS-IP-Address = 192.168.1.34
NAS-Port = 5060


The only difference between them are these Digest-Attributes:

Digest-Attributes = 310REGISTER
Digest-Attributes = 38INVITE

I've been playing with Handler Digest-Attributes = x where x are
different regular expressions but no luck.

Is there some way to diferentiate both requests? I have to treat them in a
different way because i need to send a reply attribute only for the INVITEs.

Thanks in advance.

Saludos
JesusR.

---
Jesus Rodriguez
Endercom Comunicaciones, S.L.
[EMAIL PROTECTED]
http://www.endercom.com
Tel. +34 934424293
---
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler SIP Proxy

[Hugh Irvine]

Hello Frank, Hello Jesus -

Frank is quite correct (thanks as always).

If you have multiple Client clauses you might consider using a 
PreClientHook instead.

And I usually keep my hook code in seperate files - see the examples in 
goodies/hooks.txt.

regards

Hugh

On Saturday, Oct 18, 2003, at 05:52 Australia/Melbourne, Frank 
Danielson wrote:

I would use a PreHandler hook in your Client clause to look for the 
request
type and set an appropriate attribute to use in a Handler later. Since 
you
have multiple Digest-Attribute attributes the only way I know of to 
handle
it would be to spool through the incoming request's attrbutes looking 
for
the one you want. You could try something like this-

Client 111.222.333.444
Secret somesecret
PreHandlerHook sub {my ($r,$value);\
foreach $r (@{${$_[0]}-{Attributes}})\
{\
if ($r-[0] eq Digest-Attributes)\
{\
$value = Radius::AttrVal::pclean($r-[1]);\
${$_[0]}-add_attr('SIP-Request',$value) if ($value
=~ /REGISTER|INVITE/);\
}\
}}
/Client
Handler SIP-Request=REGISTER
/Handler
Handler SIP-Request=INVITE
/Handler
Obviously I have not tested this so proceed at your own risk.

Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
56 E. Pine St. Suite 200
Orlando, FL 32801
USA
-Original Message-
From: Jesus Rodriguez [mailto:[EMAIL PROTECTED]
Sent: Friday, October 17, 2003 2:30 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Handler SIP Proxy
Hello,

My SIP proxy authenticates REGISTER and INVITE requests against 
Radiator. I
would like to be able to diferentiate between both requests.

This is a REGISTER request:

Code:   Access-Request
Identifier: 104
Authentic:  21713430y250D214j212`N\F254{222
Attributes:
User-Name = [EMAIL PROTECTED]
Digest-Attributes = 1012340002
Digest-Attributes = 113voztele.com
Digest-Attributes = 
2*3f9032160a04f9a07db6b7431a03c66e63917d8e
Digest-Attributes = 417sip:voztele.com
Digest-Attributes = 310REGISTER
Digest-Response = 5d484ab3e8c3ee3aa8aeb4f7238d9456
Service-Type = SIP
SIP-URI-User = 340002
NAS-IP-Address = 192.168.1.34
NAS-Port = 5060

And this is an INVITE request:

Code:   Access-Request
Identifier: 100
Authentic:  230141168k203:}239134139O227]6147'
Attributes:
User-Name = [EMAIL PROTECTED]
Digest-Attributes = 101234
Digest-Attributes = 113voztele.com
Digest-Attributes = 
2*3f90309d03749b41dfcc0d202bc35f89ebfc9d1c
Digest-Attributes = 427sip:[EMAIL PROTECTED]
Digest-Attributes = 38INVITE
Digest-Response = f398469d53d8eeb47bbde0d45f78583d
Service-Type = SIP
SIP-URI-User = 34
NAS-IP-Address = 192.168.1.34
NAS-Port = 5060

The only difference between them are these Digest-Attributes:

Digest-Attributes = 310REGISTER
Digest-Attributes = 38INVITE
I've been playing with Handler Digest-Attributes = x where x 
are
different regular expressions but no luck.

Is there some way to diferentiate both requests? I have to treat them 
in a
different way because i need to send a reply attribute only for the 
INVITEs.

Thanks in advance.

Saludos
JesusR.
---
Jesus Rodriguez
Endercom Comunicaciones, S.L.
[EMAIL PROTECTED]
http://www.endercom.com
Tel. +34 934424293
---
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler question

[Andy De Petter]

Hello guys,

I have some questions, about Handler behaviour.  First question, is 
whether Handlers support regular expression syntax, like Realm does?  In 
section 6.16 in the manual, there isn't any mentioning about that.. but 
as far as I'm concerned, I think it should be supported - but I would 
like confirmation. ;)  I don't want to do any regexp matching against 
the name of the attributes, but rather against the attribute values 
(something like Handler Called-Id = /(12345|54321)/i, User-Realm = 
/(this|that)/i).

Second question: Realm supersedes Handler definitions in the 
configuration file, and Handlers get processed sequentially.. but what 
happens, if a request matches 2 handlers, like in the following case:

my request = [EMAIL PROTECTED] (Client-Id: 1.1.1.1)

Handler User-Realm = /WHATEVER/i, Client-Id = /1\.1\.1\.1/
   ...
/Handler
Handler User-Realm = /WHATEVER/i
   ...
/Handler
The request will match the first handler, but what happens if the AuthBy 
fails at that point?  Will it still continue to the next Handler, or 
will it immediately send an Access-Reject?

Thanks!

-Andy

--
Andy De Petter - Expert  IT Analyst - [EMAIL PROTECTED]
Belgacom ANS/EIS/ISA - Carlistraat  2 - 1140 Brussels (Belgium)
Head office: Koning Albert II Laan 27 - 1030 Brussels (Belgium)
Tel +32 (0)2 7061170  -  Fax +32 (0)2 7061150  -  ICQ  #1548957
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler question

[Hugh Irvine]

Hello Andy -

Yes you can use regular expressions with Handlers, and the first match 
is the only match.

If a request can match multiple Handlers, it will only be processed by 
the first one that matches. Therefore the more specific Handlers must 
appear before the more general Handlers in the list.

regards

Hugh

On Thursday, Jul 10, 2003, at 18:21 Australia/Melbourne, Andy De Petter 
wrote:

Hello guys,

I have some questions, about Handler behaviour.  First question, is 
whether Handlers support regular expression syntax, like Realm does?  
In section 6.16 in the manual, there isn't any mentioning about that.. 
but as far as I'm concerned, I think it should be supported - but I 
would like confirmation. ;)  I don't want to do any regexp matching 
against the name of the attributes, but rather against the attribute 
values (something like Handler Called-Id = /(12345|54321)/i, 
User-Realm = /(this|that)/i).

Second question: Realm supersedes Handler definitions in the 
configuration file, and Handlers get processed sequentially.. but what 
happens, if a request matches 2 handlers, like in the following case:

my request = [EMAIL PROTECTED] (Client-Id: 1.1.1.1)

Handler User-Realm = /WHATEVER/i, Client-Id = /1\.1\.1\.1/
   ...
/Handler
Handler User-Realm = /WHATEVER/i
   ...
/Handler
The request will match the first handler, but what happens if the 
AuthBy fails at that point?  Will it still continue to the next 
Handler, or will it immediately send an Access-Reject?

Thanks!

-Andy

--
Andy De Petter - Expert  IT Analyst - [EMAIL PROTECTED]
Belgacom ANS/EIS/ISA - Carlistraat  2 - 1140 Brussels (Belgium)
Head office: Koning Albert II Laan 27 - 1030 Brussels (Belgium)
Tel +32 (0)2 7061170  -  Fax +32 (0)2 7061150  -  ICQ  #1548957
*** DISCLAIMER ***
This e-mail and any attachments thereto may contain information, which
is confidential and/or protected by intellectual property rights and
are intended for the sole use of the recipient(s) named above. Any use
of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any
form) by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender
either by telephone or by e-mail and delete the material from any
computer. Thank you for your cooperation.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler or Realm

[Herman verschooten]

Hi,



I am now using Radiator with a single default-realm
for 4 different Client-sets. I use a rewrite username to strip off the realm
if a client provides it. I now want to split the authentication to be able to
use 2 separate Online-algorithms. What do you propose I use, A Handler or 2
different realms with a default-realm in the client-clause? Or can a handler
trigger on the client used?



TX,

Herman

Re: (RADIATOR) Handler or Realm

[Bret Jordan]

Use handlers, never use realms..  Handlers can do everything that realms 
can do and more.

Bret

Herman verschooten wrote:

Hi,

 

I am now using Radiator with a single default-realm for 4 different 
Client-sets.  I use a rewrite username to strip off the realm if a 
client provides it.  I now want to split the authentication to be able 
to use 2 separate Online-algorithms.  What do you propose I use, A 
Handler or 2 different realms with a default-realm in the 
client-clause?  Or can a handler trigger on the client used?

 

TX,

Herman

--
~~~
Bret Jordan   Dean's Office
Computer Administrator   College of Engineering
801.585.3765 University of Utah
   [EMAIL PROTECTED]
~~~


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler or Realm

[Hugh Irvine]

Hello Bret, Hello Herman -

As Bret says, Realms are a subset of Handlers, but they are also much 
more efficient. A Realm is selected by doing a table lookup on the 
specified string, whereas the list of Handlers is evaluated in the 
order that they appear in the configuration file. In both cases the 
first match is the only match.

In general, a simple configuration based on Realms is very easy to 
understand and very efficient.

It is certainly true that Handlers are far more flexible, but you 
probably don't want hundreds of Handlers in your configuration file.

In Herman's case, I generally suggest using Identifiers in the Client 
clauses and Handlers to suit:

# define Client clauses

Client 1.1.1.1
Identifier SomeTag

/Client
Client 2.2.2.2
Identifier SomeTag

/Client
Client 3.3.3.3
Identifier AnotherTag

/Client
..

# define Handlers

Handler Client-Identifier = SomeTag
.
/Handler
Handler Client-Identifier = AnotherTag
.
/Handler
.



On Tuesday, Jul 1, 2003, at 04:14 Australia/Melbourne, Bret Jordan 
wrote:

Use handlers, never use realms..  Handlers can do everything that 
realms can do and more.

Bret

Herman verschooten wrote:

Hi,

I am now using Radiator with a single default-realm for 4 different 
Client-sets.  I use a rewrite username to strip off the realm if a 
client provides it.  I now want to split the authentication to be 
able to use 2 separate Online-algorithms.  What do you propose I use, 
A Handler or 2 different realms with a default-realm in the 
client-clause?  Or can a handler trigger on the client used?

TX,

Herman

--
~~~
Bret Jordan   Dean's Office
Computer Administrator   College of Engineering
801.585.3765 University of Utah
   [EMAIL PROTECTED]
~~~


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler Acct-Status-Type=

[Sergey Y. Afonin]

Hello.

I attempt to update to 3.5 from 3.1 and have problem.

The handler 

Handler Acct-Status-Type=
/Handler

is not work in 3.5. :-( All packets isn't agree to this handler.
I use this for process Access-Request packets. Separately I use

Handler Acct-Status-Type=/Start|Stop/
/Handler

for process Accounting-Request packets

Is whis bug or new future ? :-)

-- 
Regards, Sergey Afonin
[EMAIL PROTECTED]


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler Acct-Status-Type=

[Hugh Irvine]

Hello Sergey -

I would suggest you do this:

Handler Acct-Status-Type=/Start|Stop/

/Handler
Handler

/Handler
The Handler clause will catch everything not processed by the 
previous Handlers and it will be much faster.

regards

Hugh

On Monday, Mar 31, 2003, at 20:15 Australia/Melbourne, Sergey Y. Afonin 
wrote:

Hello.

I attempt to update to 3.5 from 3.1 and have problem.

The handler

Handler Acct-Status-Type=
/Handler
is not work in 3.5. :-( All packets isn't agree to this handler.
I use this for process Access-Request packets. Separately I use
Handler Acct-Status-Type=/Start|Stop/
/Handler
for process Accounting-Request packets

Is whis bug or new future ? :-)

--
Regards, Sergey Afonin
[EMAIL PROTECTED]
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler for capturing 151 at the end of the Called-Station-Id

[Martin Edge]

Title: Message



Hey 
Guys,

Just a quick 
check..

How would I write a 
handler to capture all numbers ending in a particular 
suffix?

Handler 
Called-Station-Id=/151$/ ?

Obviously 151 is 
quite small and likely to appear in the middle of parts of other numbers... Thus 
has to be matched on the end of the line.

Thanks
Martin 
Edge


Martin EdgeSystems/Applications EngineerKBS 
InternetPh: 1300 727 205Web: http://www.kbs.net.au/Wholesale: http://xray.kbs.net.au/Email: 
[EMAIL PROTECTED] 

Re: (RADIATOR) Handler for capturing 151 at the end of the Called-Station-Id

[Hugh Irvine]

Hello Martin -

Yes this is correct - although you should always do some testing to verify correct operation.

Also note that Handlers are evaluated in the order they appear in the configuration file, so the more specific must appear before the more general.

regards

Hugh


On Monday, Mar 31, 2003, at 12:57 Australia/Melbourne, Martin Edge wrote:

Hey Guys,
 
Just a quick check..
 
How would I write a handler to capture all numbers ending in a particular suffix?
 
Handler Called-Station-Id=/151$/> ?
 
Obviously 151 is quite small and likely to appear in the middle of parts of other numbers... Thus has to be matched on the end of the line.
 
Thanks
Martin Edge
 

Martin Edge
Systems/Applications Engineer
KBS Internet
Ph: 1300 727 205
Web: http://www.kbs.net.au/
Wholesale: http://xray.kbs.net.au/
Email: [EMAIL PROTECTED]



NB: have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

(RADIATOR) Handler

[Chris Kay]

Hould would I do something like this

I would like to use a handler online if

handler 1
Client-Identifer = Comindico
NAS-IP-Address = 203.194.30.244
/handler

handler 2
Client-Identifer = Comindico
NAS-IP-Address != 203.194.30.244
NAS-IP-Address != 203.222.153.14
/handler

handler 3
Client-Identifer = Max
NAS-IP-Address = 203.222.153.14
/handler

I have the handlers for each but am now lost as to how you use multiple
clauses in a handler or even if you can...

- 
Chris Kay (Systems Development) 
Techex Communications 
Website: www.techex.com.au Email: [EMAIL PROTECTED] 
Telephone: 1300 88 111 2 - Fax: 1300 882 221 
-  

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler

[Hugh Irvine]

Hello Chris -

You should set up the Identifiers in your Client clauses appropriately, 
then use something like this:

# define Client clauses

Client 
	Identifier Comindico-Whatever
/Client



Client 
	Identifier Comindico-SomethingElse
/Client

.

# define AuthBy clauses

AuthBy 
	Identifier CheckUser
	
/AuthBy

.

# define Handlers

Handler Client-Identifier = Comindico-Whatever
	AuthBy CheckUser
	
/Handler

 Handler Client-Identifier = Comindico-SomethingElse
	AuthBy CheckUser
	
/Handler

.


regards

Hugh


On Tuesday, Jan 14, 2003, at 17:40 Australia/Melbourne, Chris Kay wrote:


Hould would I do something like this

I would like to use a handler online if

handler 1
Client-Identifer = Comindico
NAS-IP-Address = 203.194.30.244
/handler

handler 2
Client-Identifer = Comindico
NAS-IP-Address != 203.194.30.244
NAS-IP-Address != 203.222.153.14
/handler

handler 3
Client-Identifer = Max
NAS-IP-Address = 203.222.153.14
/handler

I have the handlers for each but am now lost as to how you use multiple
clauses in a handler or even if you can...

-
Chris Kay (Systems Development)
Techex Communications
Website: www.techex.com.au Email: [EMAIL PROTECTED]
Telephone: 1300 88 111 2 - Fax: 1300 882 221
-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.




--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler Called-Station-Id SQL

[Rabbie Zalaf]

Hello All,

We have a proxy radius server and we want to have a table in mysql where we
can have a list of telephone numbers that are not permitted to authenticate.

Normally I would just use, 

Handler Called-Station-Id = 029497
IgnoreAuth
IgnoreAcct  
/Handler

However the list of users is now growing and I do not wish to add these
statements for the many users we wish to block.

Attached is our radius.cfg file.

Could anyone please tell me the best method of achieving the above?

Thanks.

Regards,

Rabbie.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler working now.... but ;-)

[Skeeve Stevens]

Ok.. With the awesome help of Hugh my handler is working fine.

But.  my SessionDatabase is still getting both accounting data.

Can I move the below into the main Handler or is there something else to address 
this?



#This keeps track of who is online
SessionDatabase SQL
Identifier SDB1
DBSource dbi:mysql:x:x
DBUsername radius
DBAuth t3ch3xAuTh

AddQuery insert into online 
(acct_handle,nas_id,online_nasport,online_sessionid,online_date,online_ipaddress,online_servicetype,online_calling_station,online_called_station,online_key)
 values 
('%n','%N','%{NAS-Port}','%{Acct-Session-Id}',from_unixtime(%{Timestamp}),'%{Framed-IP-Address}','%{Service-Type}','%{Calling-Station-Id}','%{Called-Station-Id}','%{Ascend-Session-Svr-Key}')

DeleteQuery delete from online where acct_handle = '%n' and nas_id = '%N' and 
online_nasport = %{NAS-Port}

ClearNasQuery delete from online where nas_id = '%N'

CountQuery select nas_id,online_nasport,online_sessionid from online where 
acct_handle = '%n'
/SessionDatabase




-- 
 -
| Skeeve Stevens  url: http://www.skeeve.org/ |
| email:[EMAIL PROTECTED]/  url: http://www.eIntellego.org/ |
 -
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler working now.... but ;-)

[Hugh Irvine]

Hello Skeve -

Try something like this (note the Handler defintion below also):

# define Session Databases

SessionDatabase SQL
Identifier SQLSDB

/SessionDatabase

SessionDatabase NULL
Identifier NULLSDB
.
/SessionDatabase

# define Handlers

Handler Request-Type = Accounting-Request, NAS-Port-Type = Async
# use NULL session database
SessionDatabase NULLSDB
AuthBy INTERNAL
AcctResult ACCEPT
/AuthBy
.
/Handler

Handler
# use SQL session database
SessionDatabase SQLSDB
.
/Handler


regards

Hugh


On Friday, September 20, 2002, at 01:44 PM, Skeeve Stevens wrote:




 Ok.. With the awesome help of Hugh my handler is working fine.

 But.  my SessionDatabase is still getting both accounting data.

 Can I move the below into the main Handler or is there something  
 else to address this?



 #This keeps track of who is online
 SessionDatabase SQL
 Identifier SDB1
 DBSource dbi:mysql:x:x
 DBUsername radius
 DBAuth t3ch3xAuTh

 AddQuery insert into online  
 (acct_handle,nas_id,online_nasport,online_sessionid,online_date,online_ 
 ipaddress,online_servicetype,online_calling_station,online_called_stati 
 on,online_key) values  
 ('%n','%N','%{NAS-Port}','%{Acct-Session- 
 Id}',from_unixtime(%{Timestamp}),'%{Framed-IP-Address}','%{Service- 
 Type}','%{Calling-Station-Id}','%{Called-Station-Id}','%{Ascend- 
 Session-Svr-Key}')

 DeleteQuery delete from online where acct_handle = '%n' and  
 nas_id = '%N' and online_nasport = %{NAS-Port}

 ClearNasQuery delete from online where nas_id = '%N'

 CountQuery select nas_id,online_nasport,online_sessionid from  
 online where acct_handle = '%n'
 /SessionDatabase




 -- 
   
 -
 | Skeeve Stevens  url:  
 http://www.skeeve.org/ |
 | email:[EMAIL PROTECTED]/  url:  
 http://www.eIntellego.org/ |
   
 -
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.



-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler clause attributes

[Ayotunde Itayemi]

Hi Hugh, Hi All,

Please it there somewhere i can get a list of all 
the attributes that can go
into the Handler clause ( Handler attributes= 
  ) and their proper
name and format of their values?

Regards,
Tunde Itayemi.

Re: (RADIATOR) Handler question

[Hugh Irvine]

Hello Anton -

You are usually better to do something like this:

# define AuthBy clauses

AuthBy ...
Identifier DoSomething
.
/AuthBy

AuthBy 
Identifier DoSomethingElse
.
/AuthBy

AuthBy GROUP
Identifier DoEverything
AuthByPolicy 
AuthBy DoSomething
AuthBy DoSomethingElse
.
/AuthBy

.

# define Handlers

Handler Called-Station-Id=678771
AuthBy DoEverything
.
/Handler

Handler Realm=open.com.au
AuthBy DoEverything
.
/Handler

This is just an example, but you should get the idea.

regards

Hugh


On Sat, 27 Jul 2002 02:58, Anton Krall wrote:
 Guys.. is there a way to make a handler work in an OR fashion instead of
 AND?

 Like

 Handler Called-Station-Id=678771,Realm=open.com.au

 this would suggest Caler and Realm is there a way to make it Called
 OR Realm?

 Thx!

 Saludos

 Anton Krall
 Director de Tecnología
 Inter.net México / Panamá

 Tel; 5241-7609 Directo
 Tel: 5241-7600 Conmutador
 Celular: 0445-105-5160
 ICQ: 4979450
 email: [EMAIL PROTECTED]
 web: http://www.mx.inter.net

 Outside Mexico:
 Office: +52(555)241-7609
 PBX: +52(555)241-7600
 Mobile: +52(555)105-5160

 ---
 Outgoing mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002


 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler w/ AddToReply question

[Robert G. Fisher]

I'm trying to use Radiator 2.19 and Handlers to configure
some Ascend-Data-Filter attributes to our roaming partners.  
I've added the following to my config file:

Handler Client-Identifier = RoamingPartner
AddToReply =Ascend-Data-Filter = ip in forward tcp est,\
Ascend-Data-Filter = ip in forward dstip X.X.X.X/YY,\
Ascend-Data-Filter = ip in forward dstip Z.Z.Z.Z/YY,\
Ascend-Data-Filter = ip in drop tcp dstport 25,\
Ascend-Data-Filter = ip in forward
/Handler

Where the X.X.X.X and Z.Z.Z.Z are valid IP blocks.  However, I'm
getting a message that AddToReply is an unknown option.  

After this Handler, I have a catch-all Handler in which the
actual authentication is done, I would prefer to have this
Handler come after the initial authentication and reply is
built, but the idea is to have more specific Handlers come
first.

So...what am I missing? :)

-- 
Robert G. Fisher  Sitestar.net, Inc. 
System Engineer   (276) 666-9533 x 116
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler w/ AddToReply question

[peter moody]

I believe that AddToReply is an AuthBy attribute, and not a Handler
attribute (in the docs, 6.17.8)

-peter

On Tue, 2002-02-12 at 06:00, Robert G. Fisher wrote:
 I'm trying to use Radiator 2.19 and Handlers to configure
 some Ascend-Data-Filter attributes to our roaming partners.  
 I've added the following to my config file:
 
 Handler Client-Identifier = RoamingPartner
   AddToReply =Ascend-Data-Filter = ip in forward tcp est,\
   Ascend-Data-Filter = ip in forward dstip X.X.X.X/YY,\
   Ascend-Data-Filter = ip in forward dstip Z.Z.Z.Z/YY,\
   Ascend-Data-Filter = ip in drop tcp dstport 25,\
   Ascend-Data-Filter = ip in forward
 /Handler
 
 Where the X.X.X.X and Z.Z.Z.Z are valid IP blocks.  However, I'm
 getting a message that AddToReply is an unknown option.  
 
 After this Handler, I have a catch-all Handler in which the
 actual authentication is done, I would prefer to have this
 Handler come after the initial authentication and reply is
 built, but the idea is to have more specific Handlers come
 first.
 
 So...what am I missing? :)
 
 -- 
 Robert G. Fisher  Sitestar.net, Inc. 
 System Engineer   (276) 666-9533 x 116
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
-- 
Peter Moody Systems Administrator
[EMAIL PROTECTED]
:wq 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler w/ AddToReply question

[Hugh Irvine]

Hello Robert -

On Wed, 13 Feb 2002 01:00, Robert G. Fisher wrote:
 I'm trying to use Radiator 2.19 and Handlers to configure
 some Ascend-Data-Filter attributes to our roaming partners.
 I've added the following to my config file:

 Handler Client-Identifier = RoamingPartner
   AddToReply =Ascend-Data-Filter = ip in forward tcp est,\
   Ascend-Data-Filter = ip in forward dstip X.X.X.X/YY,\
   Ascend-Data-Filter = ip in forward dstip Z.Z.Z.Z/YY,\
   Ascend-Data-Filter = ip in drop tcp dstport 25,\
   Ascend-Data-Filter = ip in forward
 /Handler

 Where the X.X.X.X and Z.Z.Z.Z are valid IP blocks.  However, I'm
 getting a message that AddToReply is an unknown option.

 After this Handler, I have a catch-all Handler in which the
 actual authentication is done, I would prefer to have this
 Handler come after the initial authentication and reply is
 built, but the idea is to have more specific Handlers come
 first.

 So...what am I missing? :)

The first match on a Handler clause is the only match - Radiator only ever 
executes a single Handler per request. Also, AddToReply is an AuthBy 
parameter, not a Handler parameter. You will need to use different AuthBy 
clauses in your Handlers to achieve what you want.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) handler matching

[Hugh Irvine]

Hello Billy -

On Monday 24 September 2001 14:20, Billy Li wrote:
 Dear All,

 I have face a problem that I use MAX TNT to connect with the radiator, now,
 several problem exist ...

 1. when I enable DNIS require, I can rather put the two handler in the cfg
 file like that ...

 handler called_station_id =  
  AuthBy TEST
  /AuthBy
 /handler

 handler called_station_id = , calling_station_id = 
  AuthBy FILE
  Filename x
  /AuthBy
 /handler

 this would make when the called ID =, it will only choice the least
 match handler to handle the request ... can I make it use the Max match to
 handle the request so that I can auth by called-station, calling station
 and user/pass ??


All you have to do is reverse the order of the Handlers.

Handler Called-Station-Id = , Calling-Station-Id = 
 AuthBy FILE
 Filename x
 /AuthBy
/Handler

Handler Called-Station-Id =  
 AuthBy TEST
 /AuthBy
/Handler

 2. when I enable the clid-auth-mode = clid-first in the MAX TNT, I modify
 the config file like that 


 Handler Called-Station-Id = 
  AuthBy FILE
  Filename /etc/users
  AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
 /AuthBy

 /Handler

 and in /etc/users, I set

 yyy Password = Ascend-CLID
  Ascend-Require-Auth = Require-Auth,


 as I have set Require-Auth in the users file, but whatever I type in the
 users file, it can let me in 


 anyone have suggestion for me ??


I don't know how the Ascend Require-Auth is supposed to work.

Anyone else?

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) handler matching

[Billy Li]

Dear All,

I have face a problem that I use MAX TNT to connect with the radiator, now, 
several problem exist ...

1. when I enable DNIS require, I can rather put the two handler in the cfg 
file like that ...

handler called_station_id =  
 AuthBy TEST
 /AuthBy
/handler

handler called_station_id = , calling_station_id = 
 AuthBy FILE
 Filename x
 /AuthBy
/handler

this would make when the called ID =, it will only choice the least 
match handler to handle the request ... can I make it use the Max match to 
handle the request so that I can auth by called-station, calling station 
and user/pass ??

2. when I enable the clid-auth-mode = clid-first in the MAX TNT, I modify 
the config file like that 


Handler Called-Station-Id = 
 AuthBy FILE
 Filename /etc/users
 AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
/AuthBy

/Handler

and in /etc/users, I set

yyy Password = Ascend-CLID
 Ascend-Require-Auth = Require-Auth,


as I have set Require-Auth in the users file, but whatever I type in the 
users file, it can let me in 


anyone have suggestion for me ??

thanks




regards,

++
+Billy Li+
++
+System Engineer +
+Unitech Computer System Ltd.+
++
+ mailto:[EMAIL PROTECTED]  +
++

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler Question

[Eric Lackey]

I am trying to use a handler to check NAS-IP-Address for more than system.
It would be something like this.  It is quite a big handler and I have to
have multiple copies since they are exactly the same.  Is this possible?
Any help would be great.

Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX

/Handler

Thanks,

Eric Lackey
ISDN-Net Operations
[EMAIL PROTECTED]

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

FW: (RADIATOR) Handler Question

[Eric Lackey]

My first email might have been a little confusing.  Here is what I meant to
say.

I am trying to use a handler to check NAS-IP-Address for more than one
system.
It is quite a big handler and I hate to have multiple copies since they are
exactly the same.  Is this possible?
Any help would be great.

This is what I tried, but it doesn't seem to work.

Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX

/Handler

Thanks,

Eric Lackey
ISDN-Net Operations
[EMAIL PROTECTED]

-Original Message-
From: Eric Lackey [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 29, 2001 5:54 PM
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) Handler Question


I am trying to use a handler to check NAS-IP-Address for more than system.
It would be something like this.  It is quite a big handler and I have to
have multiple copies since they are exactly the same.  Is this possible?
Any help would be great.

Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX

/Handler

Thanks,

Eric Lackey
ISDN-Net Operations
[EMAIL PROTECTED]

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: FW: (RADIATOR) Handler Question

[Hugh Irvine]

Hello Eric -

You would use a regular expression, something like this:

Handler NAS-IP-Address=/XXX.XXX.XXX.XXX|yyy.yyy.yyy.yyy|zzz.zzz.zzz.zzz/

See section 13 in the Radiator 2.18.1 reference manual.

Otherwise, you can use Identifiers in your Client clauses to create groups 
(the same Identifier in each Client in the group) and then use this:

Handler Client-Identifier = 

You can also set up your AuthBy's like this, and refer to them in your 
Handler(s):

AuthBy .
Identifier DoSomething
.
/AuthBy

AuthBy .
Identifier DoSomethingElse
.
/AuthBy

AuthBy GROUP
Identifier DoWhatever
AuthByPolicy ContinueUntilAccept  # or whatever
AuthBy DoSomething
AuthBy DoSomethingElse
/AuthBy

Handler ...
AuthBy DoWhatever
..
/Handler


hth

Hugh


On Monday 30 April 2001 11:42, Eric Lackey wrote:
 My first email might have been a little confusing.  Here is what I meant to
 say.

 I am trying to use a handler to check NAS-IP-Address for more than one
 system.
 It is quite a big handler and I hate to have multiple copies since they are
 exactly the same.  Is this possible?
 Any help would be great.

 This is what I tried, but it doesn't seem to work.

 Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX

 /Handler

 Thanks,

 Eric Lackey
 ISDN-Net Operations
 [EMAIL PROTECTED]

 -Original Message-
 From: Eric Lackey [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, April 29, 2001 5:54 PM
 To: '[EMAIL PROTECTED]'
 Subject: (RADIATOR) Handler Question


 I am trying to use a handler to check NAS-IP-Address for more than system.
 It would be something like this.  It is quite a big handler and I have to
 have multiple copies since they are exactly the same.  Is this possible?
 Any help would be great.

 Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX

 /Handler

 Thanks,

 Eric Lackey
 ISDN-Net Operations
 [EMAIL PROTECTED]

 ===
 Archive at http://www.starport.net/~radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

 ===
 Archive at http://www.starport.net/~radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: FW: (RADIATOR) Handler Question

[Eric Lackey]

Thanks Hugh.  That is exactly what I needed.  I think the Client list is the
best solution.

Eric

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 29, 2001 9:12 PM
To: Eric Lackey; '[EMAIL PROTECTED]'
Subject: Re: FW: (RADIATOR) Handler Question



Hello Eric -

You would use a regular expression, something like this:

Handler NAS-IP-Address=/XXX.XXX.XXX.XXX|yyy.yyy.yyy.yyy|zzz.zzz.zzz.zzz/

See section 13 in the Radiator 2.18.1 reference manual.

Otherwise, you can use Identifiers in your Client clauses to create groups 
(the same Identifier in each Client in the group) and then use this:

Handler Client-Identifier = 

You can also set up your AuthBy's like this, and refer to them in your 
Handler(s):

AuthBy .
Identifier DoSomething
.
/AuthBy

AuthBy .
Identifier DoSomethingElse
.
/AuthBy

AuthBy GROUP
Identifier DoWhatever
AuthByPolicy ContinueUntilAccept  # or whatever
AuthBy DoSomething
AuthBy DoSomethingElse
/AuthBy

Handler ...
AuthBy DoWhatever
..
/Handler


hth

Hugh


On Monday 30 April 2001 11:42, Eric Lackey wrote:
 My first email might have been a little confusing.  Here is what I meant
to
 say.

 I am trying to use a handler to check NAS-IP-Address for more than one
 system.
 It is quite a big handler and I hate to have multiple copies since they
are
 exactly the same.  Is this possible?
 Any help would be great.

 This is what I tried, but it doesn't seem to work.

 Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX

 /Handler

 Thanks,

 Eric Lackey
 ISDN-Net Operations
 [EMAIL PROTECTED]

 -Original Message-
 From: Eric Lackey [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, April 29, 2001 5:54 PM
 To: '[EMAIL PROTECTED]'
 Subject: (RADIATOR) Handler Question


 I am trying to use a handler to check NAS-IP-Address for more than system.
 It would be something like this.  It is quite a big handler and I have to
 have multiple copies since they are exactly the same.  Is this possible?
 Any help would be great.

 Handler NAS-IP-Address=XXX.XXX.XXX.XXX,NAS-IP-Address=XXX.XXX.XXX.XXX

 /Handler

 Thanks,

 Eric Lackey
 ISDN-Net Operations
 [EMAIL PROTECTED]

 ===
 Archive at http://www.starport.net/~radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

 ===
 Archive at http://www.starport.net/~radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler for attribute present

[Ingvar Berg (ERA)]

What is the best way to write a Handler for requests containing a particular 
attribute, regardless of its value?

Like Handler attribute-x=/*/

Any suggestions?

/Ingvar

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler Problem.

[Sergio Gonzalez]

*This message was transferred with a trial version of CommuniGate(tm) Pro*
Hi folks.

I have a little problem and I wonder some can help me.

I have here Radiator 2.14 with mSQL database to authenticate dial-up
users. 
Now I want to make roaming with another ISP, so I added the handler for
this into my radius config. This is what I have now


Trace 4
DbDir   /usr/local/etc/raddb/db
LogDir  /usr/local/etc/raddb/log
LogFile /usr/local/etc/raddb/log/Radiator.log
DictionaryFile /usr/local/etc/dictionary.usr
SnmpgetProg /usr/local/bin/snmpget
 
 
Client 209.239.95.19
Secret  
NasType TotalControlSNMP
SNMPCommunity public
/Client
 
SessionDatabase SQL
   Identifier SDB1
   DBSource dbi:mSQL:radius
   DBUsername
   DBAuth
/SessionDatabase
 
Handler Realm = another_isp.com
RewriteUsername s/^([^@]+).*/$1/
AuthBy RADIUS
Host aaa.bbb.ccc.ddd
Secret 
RetryTimeout 20
/AuthBy
AcctLogFileName %L/another_isp.acct
/Handler
 
 
Handler User-Name = unauthenticated
 AuthBy SQL
 DBSource dbi:mSQL:noauth
 DBUsername x
 DBAuth  yy
 AccountingStopsOnly
 AccountingTableACCOUNTING
 AcctColumnDef  CALLINGSTID,Calling-Station-Id,string
 AcctColumnDef  CALLEDSTID,Called-Station-Id,string
 AcctColumnDef  ACCTTERMCAUSE,Acct-Terminate-Cause,intege
 AcctColumnDef  CONNTERMCAUSE,Connect-Term-Reason,integer
 AcctColumnDef  FAILCONNREASON,Failure-to-Connect-Reason,integer
 AcctColumnDef  DISCONNREASON,Disconnect-Reason,integer
 AcctColumnDef  CONNECTSPEED,Connect-Speed,integer
 AcctColumnDef  SERVICETYPE,Service-Type,integer
 AcctColumnDef  MODULATYPE,Modulation-Type,integer
 /AuthBy
/Handler
 
 
Handler
 SessionDatabase SDB1
 AuthBy SQL
 DefaultSimultaneousUse 1
 DBSource dbi:mSQL:radius
 DBUsername  xx
 DBAuth  yyy
 AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
from SUBSCRIBERS where USERNAME = '%n' and STATUS=1
 
 AccountingStopsOnly
 AccountingTableACCOUNTING
 AcctColumnDef  USERNAME,User-Name
 AcctColumnDef  TIME_STAMP,Timestamp,integer
 AcctColumnDef  ACCTSESSIONID,Acct-Session-Id
 AcctColumnDef  ACCTSESSIONTIME,Acct-Session-Time,integer
 AcctColumnDef  ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
 AcctColumnDef  ACCTCONNECTSPEED,Connect-Speed,integer
 AcctColumnDef  ACCTCALLINGSTATIONID,Calling-Station-Id,string
 AcctColumnDef  ACCTCALLEDSTATIONID,Called-Station-Id,string
 /AuthBy
 AcctLogFileName  %L/%c
 PasswordLogFileName %L/password.log
/Handler



Both the my users and the users from another_isp.com can authenticate,
but my own users can't connect the usual way, so they had to use the
terminal window before dialing (in win 9x), to get connected. Why is
this happening?



Thanks!
-- 
Sergio Gonzalez
Director Operativo. Node Chief
Skynet de Colombia S.A.
(57) (+1) 6422 020
Santa FE de BogotA, Colombia, South AmErica

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler Problem.

[Hugh Irvine]

Hello Sergio -

On Tue, 19 Sep 2000, Sergio Gonzalez wrote:
 *This message was transferred with a trial version of CommuniGate(tm) Pro*
 Hi folks.
 
 I have a little problem and I wonder some can help me.
 
 I have here Radiator 2.14 with mSQL database to authenticate dial-up
 users. 
 Now I want to make roaming with another ISP, so I added the handler for
 this into my radius config. This is what I have now
 
 
 Trace 4
 DbDir   /usr/local/etc/raddb/db
 LogDir  /usr/local/etc/raddb/log
 LogFile /usr/local/etc/raddb/log/Radiator.log
 DictionaryFile /usr/local/etc/dictionary.usr
 SnmpgetProg /usr/local/bin/snmpget
  
  
 Client 209.239.95.19
 Secret  
 NasType TotalControlSNMP
 SNMPCommunity public
 /Client
  
 SessionDatabase SQL
Identifier SDB1
DBSource dbi:mSQL:radius
DBUsername
DBAuth
 /SessionDatabase
  
 Handler Realm = another_isp.com
 RewriteUsername s/^([^@]+).*/$1/
 AuthBy RADIUS
 Host aaa.bbb.ccc.ddd
 Secret 
 RetryTimeout 20
 /AuthBy
 AcctLogFileName %L/another_isp.acct
 /Handler
  
  
 Handler User-Name = unauthenticated
  AuthBy SQL
  DBSource dbi:mSQL:noauth
  DBUsername x
  DBAuth  yy
  AccountingStopsOnly
  AccountingTableACCOUNTING
  AcctColumnDef  CALLINGSTID,Calling-Station-Id,string
  AcctColumnDef  CALLEDSTID,Called-Station-Id,string
  AcctColumnDef  ACCTTERMCAUSE,Acct-Terminate-Cause,intege
  AcctColumnDef  CONNTERMCAUSE,Connect-Term-Reason,integer
  AcctColumnDef  FAILCONNREASON,Failure-to-Connect-Reason,integer
  AcctColumnDef  DISCONNREASON,Disconnect-Reason,integer
  AcctColumnDef  CONNECTSPEED,Connect-Speed,integer
  AcctColumnDef  SERVICETYPE,Service-Type,integer
  AcctColumnDef  MODULATYPE,Modulation-Type,integer
  /AuthBy
 /Handler
  
  
 Handler
  SessionDatabase SDB1
  AuthBy SQL
  DefaultSimultaneousUse 1
  DBSource dbi:mSQL:radius
  DBUsername  xx
  DBAuth  yyy
  AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
 from SUBSCRIBERS where USERNAME = '%n' and STATUS=1
  
  AccountingStopsOnly
  AccountingTableACCOUNTING
  AcctColumnDef  USERNAME,User-Name
  AcctColumnDef  TIME_STAMP,Timestamp,integer
  AcctColumnDef  ACCTSESSIONID,Acct-Session-Id
  AcctColumnDef  ACCTSESSIONTIME,Acct-Session-Time,integer
  AcctColumnDef  ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
  AcctColumnDef  ACCTCONNECTSPEED,Connect-Speed,integer
  AcctColumnDef  ACCTCALLINGSTATIONID,Calling-Station-Id,string
  AcctColumnDef  ACCTCALLEDSTATIONID,Called-Station-Id,string
  /AuthBy
  AcctLogFileName  %L/%c
  PasswordLogFileName %L/password.log
 /Handler
 
 
 
 Both the my users and the users from another_isp.com can authenticate,
 but my own users can't connect the usual way, so they had to use the
 terminal window before dialing (in win 9x), to get connected. Why is
 this happening?
 

I will need to see a trace 4 debug showing what is happening.

thanks

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Handler for a set of realms

[Hugh Irvine]

Hello Andrew -

On Thu, 07 Sep 2000, Andrew Pollock wrote:
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
  Behalf Of Hugh Irvine
  Sent: Tuesday, September 05, 2000 2:14 PM
  To: Andrew Pollock; [EMAIL PROTECTED]
  Subject: Re: (RADIATOR) Handler for a "set of realms"
 
 
 
  Hello Andrew -
 
  On Tue, 05 Sep 2000, Andrew Pollock wrote:
   Hi,
  
   Is it currently possible with Radiator to readily have a
  handler that checks
   for the realm being in a set of realms? The reason I ask is we
  have a system
   here that can theoretically add additional realms that require
  to be handled
   at any point in time, and it would be ideal if Radiator could
  read this from
   an external file.
  
 
  I think you will have to use a PreHandlerHook to check your file,
  and perhaps
  set a pseudo-attribute in the request packet that will be used to
  select the
  Handler. There are some examples of hooks in the file
  "goodies/hooks.txt" in
  the Radiator 2.16.3 release (also included in all recent releases).
 
  hth
 
 Cool, thanks Hugh. Do you know how I might go about cacheing this file
 instead of opening it and reading it evertime the hook executes?
 

It depends on how complex the data is, but the simplest approach is to use the
GlobalVar constructs. The first two examples in "goodies/hooks.txt" show how to
do it. The first hook is a StartupHook which reads the file and initialises the
GlobalVar's, while the second hook uses the GlobalVar data to manipulate the
packet contents.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler for a set of realms

[Andrew Pollock]

Hi,

Is it currently possible with Radiator to readily have a handler that checks
for the realm being in a set of realms? The reason I ask is we have a system
here that can theoretically add additional realms that require to be handled
at any point in time, and it would be ideal if Radiator could read this from
an external file.

Hope this makes sense.

Andrew


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler for a set of realms

[Hugh Irvine]

Hello Andrew -

On Tue, 05 Sep 2000, Andrew Pollock wrote:
 Hi,
 
 Is it currently possible with Radiator to readily have a handler that checks
 for the realm being in a set of realms? The reason I ask is we have a system
 here that can theoretically add additional realms that require to be handled
 at any point in time, and it would be ideal if Radiator could read this from
 an external file.
 

I think you will have to use a PreHandlerHook to check your file, and perhaps
set a pseudo-attribute in the request packet that will be used to select the
Handler. There are some examples of hooks in the file "goodies/hooks.txt" in
the Radiator 2.16.3 release (also included in all recent releases).

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler

[Robin Gruyters]

Hi,

Because we get garbage usernames, i've used the handler bit in the config file
(see below):

Handler User-Name = /\\x/
AuthBy FILE
Filename %D/reject-users
/AuthBy
/Handler

Handler
AuthByPolicy ContinueWhileIgnore

RewriteUsername tr/A-Z/a-z/

AuthBy LDAP2
Hosthostname
AuthDN  cn=radius,o=WISH, c=NL
BaseDN  o=WISH, c=NL
AuthPasswordencrypted
UsernameAttruid
PasswordAttruserPassword

AddToReply Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Address = 255.255.255.254,\
Framed-MTU = 1500,\
Primary-DNS-Server=  212.123.129.68, \
Secondary-DNS-Server= 212.123.128.16
/AuthBy

AuthBy LDAP2
Hosthostname
AuthDN  cn=radius,o=WISH, c=NL
BaseDN  o=WISH, c=NL
AuthPasswordencrypted
UsernameAttruid
PasswordAttruserPassword

AddToReply Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Address = 255.255.255.254,\
Framed-MTU = 1500,\
Primary-DNS-Server=  212.123.129.68, \
Secondary-DNS-Server= 212.123.128.16
/AuthBy

/Handler

Only the first handler doesn't work realy. Here is a dump:

*** Received from 195.7.137.163 port 1812 
Code:   Access-Request
Identifier: 21
Authentic:  4t18026252168t177148196f\10,20611
Attributes:
User-Name = "1631381881431592352421595176177
o177X22721913015725322324422681561706
2178%228?201141W23728135NssSB135165w147iv138$244z140O255134L152150247209_191224112
160.140239255197241168190147J203223216254239205255229227155201:210154247T2282022
1[218185/(4168|252255|234139P23015011134231239255230131161728y30,$210~230254237n
235i16826X252239255K29176135K139185N2031626cx144%254206254188225iT208"
User-Password = 210;=220139O164a|203176227AT172432m
1452051541371372Z15515730YN11B281
97173320421SJ160O221424{)190L173223)9y152199Kq204234184179)u220K156d*18v144150148
"192172152`3163167205130177133224180229715254147
NAS-IP-Address = 195.7.137.163
NAS-Port = 1299
Acct-Session-Id = "85066624"
Interface-Index = 2555
Supports-Tags = 0
Service-Type = Login
Chassis-Call-Slot = 6
Chassis-Call-Span = 1
Chassis-Call-Channel = 19
Connect-Speed = NONE
Calling-Station-Id = "0478631728"
Called-Station-Id = ""
NAS-Port-Type = Async

Wed Feb  9 18:22:39 2000: DEBUG: Check if Handler User-Name = /\\x/ should be
used to handle this request
Wed Feb  9 18:22:39 2000: DEBUG: Check if Handler  should be used to handle this
request
Wed Feb  9 18:22:39 2000: DEBUG: Handling request with Handler ''
Wed Feb  9 18:22:39 2000: DEBUG: Rewrote user name to
\xa3\x8a\xbc\x8f\x9f\xeb\xf2\x9f5\xb0\xb1 o\xb1x\xe3\xdb\x82\x9d\xfd\xdf\xf4\x
e28\x9c\xaa6^B\xb2%\xe4?\xc9\x8dw\xed^\\x87nsssb\x87\xa5w\x93iv\x8a$\xf4z\x8co\xff\x86l\x98\x96\xf7\xd1_^S^L\xf1^L\xa0.\x8c\xef\x
ff\xc5\xf1\xa8\xbe\x93j\xcb\xdf\xd8\xfe\xef\xcd\xff\xe5\xe3\x9b\xc9:\xd2\x9a\xf7t\xe4^T\xdd[\xda\xb9/(^D\xa8|\xfc\xff|\xea\x8bp\xe6\
x96^K\x86\xe7\xef\xff\xe6\x83\xa1^G^\y^^,$\xd2~\xe6\xfe\xedn\xebi\xa8^Zx\xfc\xef\xffk^]\xb0\x87k\x8b\xb9n\xcb\xa26cx\x90%\xfe\xce\xf
e\xbc\xe1it\xd0
Wed Feb  9 18:22:39 2000: DEBUG:  Deleting session for
\xa3\x8a\xbc\x8f\x9f\xeb\xf2\x9f5\xb0\xb1 o\xb1X\xe3\xdb\x82\x9d\xfd\xdf\xf4\
xe28\x9c\xaa6^B\xb2%\xe4?\xc9\x8dW\xed^\\x87NssSB\x87\xa5w\x93iv\x8a$\xf4z\x8cO\xff\x86L\x98\x96\xf7\xd1_^S^L\xf1^L\xa0.\x8c\xef\
xff\xc5\xf1\xa8\xbe\x93J\xcb\xdf\xd8\xfe\xef\xcd\xff\xe5\xe3\x9b\xc9:\xd2\x9a\xf7T\xe4^T\xdd[\xda\xb9/(^D\xa8|\xfc\xff|\xea\x8bP\xe6
\x96^K\x86\xe7\xef\xff\xe6\x83\xa1^G^\y^^,$\xd2~\xe6\xfe\xedn\xebi\xa8^ZX\xfc\xef\xffK^]\xb0\x87K\x8b\xb9N\xcb\xa26cx\x90%\xfe\xce\x
fe\xbc\xe1iT\xd0, 195.7.137.163, 1299
Wed Feb  9 18:22:39 2000: DEBUG: Handling with Radius::AuthLDAP2
Wed Feb  9 18:22:39 2000: DEBUG: Connecting to lrad.inside.servers, port 389
Wed Feb  9 18:25:11 2000: DEBUG: Reading users file /etc/raddb/reject-users
Wed Feb  9 18:25:12 2000: INFO: Server started

It says that it is reading the /etc/raddb/reject-users, but also you see that he
tries to contact the ldap server..

Why?


Owya, this is what the reject-users file contains:

DEFAULT Auth-Type = Reject


-- 
Regards,

 Robin Gruyters - SYS/B.O.F.H. - [EMAIL PROTECTED] - http://www.phear.nl
 RIPE nic-hdl: RG3771-RIPE   http://www.ripe.net/cgi-bin/whois?AS9133
 WISH Worldwide Websites B.V. PGP key ID DEB8C991
  Tel: +31(0)413242500 - Fax: +31(0)413332281 - http://www.wish.net/
  -- System 

(RADIATOR) Handler question

[Dmitry Niqiforoff]

Hello!

  Is it possible to invert the result of "attribute=value" clause in
Handler tag? I mean, is it possible to use something like Handler
NAS-IP-Address=192.168.0.1, Realm != global ?

--

  Regards, Dmitry Niqiforoff  [tel. +7 8462 427427]
  Kraft-S, JSC.
  Samara, Russia




===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler Realm=x,Called-Station-Id=y

[Hugh Irvine]

Hi Neale -

On Mon, 08 Nov 1999, Neale Banks wrote:

 8
 *** Received from 1.2.3.4 port 1645 
 Code:   Access-Request
 Identifier: 224
 Authentic:  q2137222187204z`178134m19123u
 Attributes:
 NAS-IP-Address = 1.2.3.4
 NAS-Port = 209
 NAS-Port-Type = Async
 User-Name = "neale2"
 Called-Station-Id = "12345601"
 Calling-Station-Id = "365432100"
 User-Password = "1412192307(oeMJ@208181160132"
 Service-Type = Framed-User
 Framed-Protocol = PPP
 
 Mon Nov  8 17:50:02 1999: DEBUG: Handling request with Handler 'Realm=example.net.au'
 Mon Nov  8 17:50:02 1999: DEBUG: Handling with Radius::AuthFILE
 Mon Nov  8 17:50:02 1999: DEBUG: Radius::AuthFILE looks for match with neale2
 Mon Nov  8 17:50:02 1999: DEBUG: Radius::AuthFILE ACCEPT:
 Mon Nov  8 17:50:02 1999: DEBUG: Access accepted for neale2
 
 8

H - what version of Radiator are you running? Radiator 2.13.1 had a fix 
for Handler.pm choosing the wrong handler. And could you send me a copy
of your configuration file (no secrets)? I don't understand how you can be
executing Handler Realm=example.net.au with a username of "neale2". Doesn't
make sense, does it? 

thanks

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler Realm=x,Called-Station-Id=y

[Neale Banks]

Hi Hugh,

 H - what version of Radiator are you running? Radiator 2.13.1 had a fix 
 for Handler.pm choosing the wrong handler. And could you send me a copy
 of your configuration file (no secrets)? I don't understand how you can be
 executing Handler Realm=example.net.au with a username of "neale2". Doesn't
 make sense, does it? 

Well spotted - I am still running 2.13.1.  That will teach me not to check
the updates first :-(

How about I load the updated Handler.pm and try that?

Thanks,
Neale.


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) handler regex question

[Hugh Irvine]

Hello Aaron -

On Thu, 05 Aug 1999, Aaron Holtz wrote:
 I seem to be getting some accounting records from my Ascends that do not
 include the User-Name attribute (I think they are dropped connections or
 some type of report from the Ascend.)  I have my handlers setup to only
 take requests from usernames that are valid as I seem to get a lot of
 "garbage" requests from misbehaving units and I don't want to even parse
 them.  But I would like to log the Ascend logs that come in, but they
 never match any handler I have as no User-Name attribute is in there. What
 I'd like to do is create a handler that works with these records. Will the
 following make a match on a request where NO User-Name attribute is sent
 or will it only match a User-Name attribute that exists, but is empty?
 
 Handler Realm="", User-Name=""
 /Handler
 
 
 I can't seem to find another attribute in the record that is unique to it
 and isn't included in a "good" looking accounting request.  Any thoughts
 are appreciated on how I can handle these.
 

I would be inclined to put an empty Handler after all your other Handlers 
(note that Handlers are checked sequentially until there is a match):

# This will catch anything else after all other Handlers are checked
Handler

/Handler

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler Problem

[Dialup USA Sales Dept]

I can't seem to get this handler to work correctly.  Here is the output of
my log file.  You will see that even though a user isn't dialing into one of
the numbers that is specified in the "Called-Station-Id" attribute he is
being authenticated by this Handler any ideas?

Help
Brandon

Attached is my current radius.cfg file.

*** Received from 206.15.168.72 port 47149 
Code:   Access-Request
Identifier: 11
Authentic:  31243"252.249s8163Hk21{227v
Attributes:
User-Name = "usa1001@usa"
User-Password = "J]196031oXz"232ERt1398"
NAS-IP-Address = 209.206.34.54
NAS-Port = 39
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 209.206.33.16
Called-Station-Id = "2068128787"
Calling-Station-Id = "2063671148"
NAS-Port-Type = Async
Annex-Transmit-Speed = 4
Connect-Info = "4  24000 V.90"
Signature = "21n233u2115137$1883145e170217238V"
Annex-Receive-Speed = 24000

Wed May 12 07:22:18 1999: DEBUG: Check if Handler
User-Name=/\@dual/,Framed-IP-A
ddress=/^206\.15\.|^208\.196\.|^209\.206\./ should be used to handle this
reques
t
Wed May 12 07:22:18 1999: DEBUG: Check if Handler
User-Name=/\@safeusa|\@kidscon
nect/,Framed-IP-Address=/^206\.15\.|^208\.196\.|^209\.206\./ should be used
to h
andle this request
Wed May 12 07:22:18 1999: DEBUG: Check if Handler Called-Station-Id =
/|2020|885
9810|9759810|9499810|8739810|9449810|9259810|9209810|2378018|2368018|2252255
|250
2255|3252255|3082255|9268063|9268064|9268018|9498019|3429810|4919810|2959810
|478
2255|9680468|7550755|3640364|7780778|2960296|3480348|/ should be used to
handle
this request
Wed May 12 07:22:18 1999: DEBUG: Handling request with Handler
'Called-Station-I
d =
/|2020|8859810|9759810|9499810|8739810|9449810|9259810|9209810|2378018|23680
18|2252255|2502255|3252255|3082255|9268063|9268064|9268018|9498019|3429810|4
9198
10|2959810|4782255|9680468|7550755|3640364|7780778|2960296|3480348|/'
Wed May 12 07:22:18 1999: DEBUG: Handling with Radius::AuthUNIX
Wed May 12 07:22:18 1999: DEBUG: Radius::AuthUNIX looks for match with
usa1001@u
sa
Wed May 12 07:22:18 1999: DEBUG: Radius::AuthUNIX ACCEPT:
Wed May 12 07:22:18 1999: DEBUG: Access accepted for usa1001@usa
Wed May 12 07:22:18 1999: DEBUG: Packet dump:
*** Sending to 206.15.168.72 port 47149 
Code:   Access-Accept
Identifier: 11
Authentic:  31243"252.249s8163Hk21{227v
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Idle-Timeout = 900
Session-Timeout = 28800

 radius.cfg

Re: (RADIATOR) Handler vs Realm

[Mike McCauley]

Hi Ferhat.
Looks like maybe you are having some trouble with Handlers V Realms?

Radiator has a particular way of choosing which Handler or Realm to use to
handle a request. From the manual:

-Look for a Realm with an exact match on the realm name
-If still no exact match, look for a a matching regular expression Realm
-If still no match, look for a Realm DEFAULT
-If still no match, look at each Handler in turn until one where all the check
items match the request.
-If still no match, ignore (i.e. do not reply to) the request.

Some consequences of this:
- Realms have much higher priority than Handlers
- If you have a Realm DEFAULT, no Handlers will _ever_ fire.
- If you have a Handler with no match specifier, (ie Handler)
then no Handlers that follow it in the config file will _ever_ fire.

We usually advise not to mix Realms and Handlers in the same config file, as
you end up with configs that are difficult to understand.

Hope that helps

Cheers.

On May 6,  3:58pm, Ferhat Dilman wrote:
 Subject: (RADIATOR) Handler vs Realm

 [ Attachment (text/plain): 2398 bytes
   Character set: iso-8859-9 ]

 [ Attachment (application/octet-stream): "radius.cfg" 5267 bytes ]

 [ Attachment (application/octet-stream): "handler.cfg" 5299 bytes ]
-- End of excerpt from Ferhat Dilman



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Handler Realm=x,Called-Station-Id=y

[Neale Banks]

For some reason, I can't get this to be prefered over Handler Realm=x

Summarising the config file:

--8--
Client foo
Secret secret
DefaultRealm example.com
/Client
Client bar
Secret secret
DefaultRealm example.com
/Client

Handler Realm=example.com,Called-Station-Id="12345601"
AuthBy FILE
Filename %D/users
AddToReply cisco-avpair="ip:addr_pool=second_pool"
/AuthBy
/Handler

Handler Realm=example.com
AuthBy FILE
Filename %D/users
/AuthBy
/Handler

# placeholder for AuthBy UNIX...
Realm DummyForUnix
AuthBy UNIX
Identifier System
Filename /etc/shadow
/AuthBy
/Realm
--8--

The general idea is that the AddToReply (specifying a non-default
address-pool) will be invoked by calling with the last two digits being 01
(the NAS has PRIs with a 100-group of indial numbers).

Unfortunately, this doesn't sem to work (Radiator 2.13.1).  From the log:

--8--
*** Received from foo port 1645 
Code:   Access-Request
[...]
Attributes:
[...]
User-Name = "neale2"
Called-Station-Id = "12345601"
[...]
Fri Nov  5 18:44:56 1999: DEBUG: Handling request with Handler 'Realm=example.com'
[...]
Code:   Access-Accept
[...]
Attributes:
[...]
abscence of AddToReply items, all else as expected/desired
--8--

My reading of the docs is that Radiator will search the Handlers _in
order_ until it finds one that matches, hence my putting Handler
Realm=example.com,Called-Station-Id="12345601" before Handler
Realm=example.com.  However, we appear to always be falling through to
Handler Realm=example.com.

Any ideas/hints?

Thanks,
Neale.


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Handler Realm=x,Called-Station-Id=y

[Hugh Irvine]

Hello Neale -

On Fri, 05 Nov 1999, Neale Banks wrote:
 For some reason, I can't get this to be prefered over Handler Realm=x
 
 Summarising the config file:
 
 Handler Realm=example.com,Called-Station-Id="12345601"
   AuthBy FILE
   Filename %D/users
   AddToReply cisco-avpair="ip:addr_pool=second_pool"
   /AuthBy
 /Handler
 

I would be very interested to see if the Called-Station-Id fired if used on its
own. Ie - is it the Realm that is failing, or is it the Called-Station-Id?

Could you try a test with just this:

Handler Called-Station-ID = 12345601
AuthBy FILE

/AuthBy
/Handler

 --8--
 
 The general idea is that the AddToReply (specifying a non-default
 address-pool) will be invoked by calling with the last two digits being 01
 (the NAS has PRIs with a 100-group of indial numbers).
 

Understood.

 Unfortunately, this doesn't sem to work (Radiator 2.13.1).  From the log:
 
 --8--
 *** Received from foo port 1645 
 Code:   Access-Request
 [...]
 Attributes:
   [...]
   User-Name = "neale2"
   Called-Station-Id = "12345601"
   [...]
 Fri Nov  5 18:44:56 1999: DEBUG: Handling request with Handler 'Realm=example.com'
 [...]
 Code:   Access-Accept
 [...]
 Attributes:
   [...]
   abscence of AddToReply items, all else as expected/desired
 --8--
 

Could you also include a complete log file with the test above?

 My reading of the docs is that Radiator will search the Handlers _in
 order_ until it finds one that matches, hence my putting Handler
 Realm=example.com,Called-Station-Id="12345601" before Handler
 Realm=example.com.  However, we appear to always be falling through to
 Handler Realm=example.com.
 

What you expect should be what is happening. Please try the simple Handler
above and send me the results.

cheers

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.